Merge staging-next into staging

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

@@ -207,6 +207,13 @@
           <link linkend="opt-services.postfixadmin.enable">postfixadmin</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://sr.ht/~emersion/soju">soju</link>, a
+          user-friendly IRC bouncer. Available as
+          <link xlink:href="options.html#opt-services.soju.enable">services.soju</link>.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-21.11-incompatibilities">
@@ -1120,6 +1127,15 @@ Superuser created successfully.
           release notes</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          GNOME desktop environment now enables
+          <literal>QGnomePlatform</literal> as the Qt platform theme,
+          which should avoid crashes when opening file chooser dialogs
+          in Qt apps by using XDG desktop portal. Additionally, it will
+          make the apps fit better visually.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
 </section>

nixos/doc/manual/release-notes/rl-2111.section.md

@@ -63,6 +63,8 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable
 
 - [postfixadmin](https://postfixadmin.sourceforge.io/), a web based virtual user administration interface for Postfix mail servers. Available as [postfixadmin](#opt-services.postfixadmin.enable).
 
+- [soju](https://sr.ht/~emersion/soju), a user-friendly IRC bouncer. Available as [services.soju](options.html#opt-services.soju.enable).
+
 ## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
 
 
@@ -319,3 +321,5 @@ To be able to access the web UI this port needs to be opened in the firewall.
 - MariaDB was upgraded from 10.5.x to 10.6.x. Please read the [upstream release notes](https://mariadb.com/kb/en/changes-improvements-in-mariadb-106/) for changes and upgrade instructions.
 
 - The MariaDB C client library, also known as libmysqlclient or mariadb-connector-c, was upgraded from 3.1.x to 3.2.x. While this should hopefully not have any impact, this upgrade comes with some changes to default behavior, so you might want to review the [upstream release notes](https://mariadb.com/kb/en/changes-and-improvements-in-mariadb-connector-c-32/).
+
+- GNOME desktop environment now enables `QGnomePlatform` as the Qt platform theme, which should avoid crashes when opening file chooser dialogs in Qt apps by using XDG desktop portal. Additionally, it will make the apps fit better visually.

nixos/modules/module-list.nix

@@ -833,6 +833,7 @@
   ./services/networking/smokeping.nix
   ./services/networking/softether.nix
   ./services/networking/solanum.nix
+  ./services/networking/soju.nix
   ./services/networking/spacecookie.nix
   ./services/networking/spiped.nix
   ./services/networking/squid.nix

nixos/modules/services/networking/soju.nix

@@ -0,0 +1,113 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.soju;
+  stateDir = "/var/lib/soju";
+  listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen;
+  tlsCfg = optionalString (cfg.tlsCertificate != null)
+    "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}";
+  logCfg = optionalString cfg.enableMessageLogging
+    "log fs ${stateDir}/logs";
+
+  configFile = pkgs.writeText "soju.conf" ''
+    ${listenCfg}
+    hostname ${cfg.hostName}
+    ${tlsCfg}
+    db sqlite3 ${stateDir}/soju.db
+    ${logCfg}
+    http-origin ${concatStringsSep " " cfg.httpOrigins}
+    accept-proxy-ip ${concatStringsSep " " cfg.acceptProxyIP}
+
+    ${cfg.extraConfig}
+  '';
+in
+{
+  ###### interface
+
+  options.services.soju = {
+    enable = mkEnableOption "soju";
+
+    listen = mkOption {
+      type = types.listOf types.str;
+      default = [ ":6697" ];
+      description = ''
+        Where soju should listen for incoming connections. See the
+        <literal>listen</literal> directive in
+        <citerefentry><refentrytitle>soju</refentrytitle>
+        <manvolnum>1</manvolnum></citerefentry>.
+      '';
+    };
+
+    hostName = mkOption {
+      type = types.str;
+      default = config.networking.hostName;
+      description = "Server hostname.";
+    };
+
+    tlsCertificate = mkOption {
+      type = types.nullOr types.path;
+      example = "/var/host.cert";
+      description = "Path to server TLS certificate.";
+    };
+
+    tlsCertificateKey = mkOption {
+      type = types.nullOr types.path;
+      example = "/var/host.key";
+      description = "Path to server TLS certificate key.";
+    };
+
+    enableMessageLogging = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Whether to enable message logging.";
+    };
+
+    httpOrigins = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        List of allowed HTTP origins for WebSocket listeners. The parameters are
+        interpreted as shell patterns, see
+        <citerefentry><refentrytitle>glob</refentrytitle>
+        <manvolnum>7</manvolnum></citerefentry>.
+      '';
+    };
+
+    acceptProxyIP = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        Allow the specified IPs to act as a proxy. Proxys have the ability to
+        overwrite the remote and local connection addresses (via the X-Forwarded-\*
+        HTTP header fields). The special name "localhost" accepts the loopback
+        addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
+      '';
+    };
+
+    extraConfig = mkOption {
+      type = types.lines;
+      default = "";
+      description = "Lines added verbatim to the configuration file.";
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    systemd.services.soju = {
+      description = "soju IRC bouncer";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      serviceConfig = {
+        DynamicUser = true;
+        Restart = "always";
+        ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}";
+        StateDirectory = "soju";
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ malvo ];
+}

nixos/modules/services/search/elasticsearch.nix

@@ -5,8 +5,6 @@ with lib;
 let
   cfg = config.services.elasticsearch;
 
-  es6 = builtins.compareVersions cfg.package.version "6" >= 0;
-
   esConfig = ''
     network.host: ${cfg.listenAddress}
     cluster.name: ${cfg.cluster_name}
@@ -36,7 +34,8 @@ let
     postBuild = "${pkgs.coreutils}/bin/mkdir -p $out/plugins";
   };
 
-in {
+in
+{
 
   ###### interface
 
@@ -116,20 +115,20 @@ in {
 
     extraCmdLineOptions = mkOption {
       description = "Extra command line options for the elasticsearch launcher.";
-      default = [];
+      default = [ ];
       type = types.listOf types.str;
     };
 
     extraJavaOptions = mkOption {
       description = "Extra command line options for Java.";
-      default = [];
+      default = [ ];
       type = types.listOf types.str;
       example = [ "-Djava.net.preferIPv4Stack=true" ];
     };
 
     plugins = mkOption {
       description = "Extra elasticsearch plugins";
-      default = [];
+      default = [ ];
       type = types.listOf types.package;
       example = lib.literalExample "[ pkgs.elasticsearchPlugins.discovery-ec2 ]";
     };
@@ -146,9 +145,7 @@ in {
       path = [ pkgs.inetutils ];
       environment = {
         ES_HOME = cfg.dataDir;
-        ES_JAVA_OPTS = toString ( optional (!es6) [ "-Des.path.conf=${configDir}" ]
-                                  ++ cfg.extraJavaOptions);
-      } // optionalAttrs es6 {
+        ES_JAVA_OPTS = toString cfg.extraJavaOptions;
         ES_PATH_CONF = configDir;
       };
       serviceConfig = {
@@ -187,7 +184,10 @@ in {
         rm -f "${configDir}/logging.yml"
         cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename}
         mkdir -p ${configDir}/scripts
-        ${optionalString es6 "cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options"}
+        cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options
+        # redirect jvm logs to the data directory
+        mkdir -m 0700 -p ${cfg.dataDir}/logs
+        ${pkgs.sd}/bin/sd 'logs/gc.log' '${cfg.dataDir}/logs/gc.log' ${configDir}/jvm.options \
 
         if [ "$(id -u)" = 0 ]; then chown -R elasticsearch:elasticsearch ${cfg.dataDir}; fi
       '';

nixos/modules/services/x11/desktop-managers/gnome.nix

@@ -372,6 +372,13 @@ in
       xdg.portal.enable = true;
       xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
 
+      # Harmonize Qt5 application style and also make them use the portal for file chooser dialog.
+      qt5 = {
+        enable = mkDefault true;
+        platformTheme = mkDefault "gnome";
+        style = mkDefault "adwaita";
+      };
+
       networking.networkmanager.enable = mkDefault true;
 
       services.xserver.updateDbusEnvironment = true;

pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c

@@ -122,7 +122,7 @@ int main(gint argc, gchar **argv) {
     }
 
     // hide all mounts we do from the parent
-    fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0));
+    fail_if(mount(0, "/", 0, MS_SLAVE | MS_REC, 0));
 
     if (uid != 0) {
       spit("/proc/self/setgroups", "deny");

pkgs/development/beam-modules/default.nix

@@ -76,7 +76,7 @@ let
         debugInfo = true;
       };
 
-      elixir_ls = callPackage ./elixir_ls.nix { inherit elixir fetchMixDeps mixRelease; };
+      elixir_ls = callPackage ./elixir-ls { inherit elixir fetchMixDeps mixRelease; };
 
       lfe = lfe_1_3;
       lfe_1_3 = lib'.callLFE ../interpreters/lfe/1.3.nix { inherit erlang buildRebar3 buildHex; };

pkgs/development/beam-modules/elixir-ls/default.nix

@@ -68,4 +68,5 @@ mixRelease rec {
     platforms = platforms.unix;
     maintainers = teams.beam.members;
   };
+  passthru.updateScript = ./update.sh;
 }

pkgs/development/beam-modules/elixir-ls/update.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i oil -p jq sd nix-prefetch-github ripgrep
+
+# TODO set to `verbose` or `extdebug` once implemented in oil
+shopt --set xtrace
+
+var directory = $(dirname $0 | xargs realpath)
+var owner = "elixir-lsp"
+var repo = "elixir-ls"
+var latest_rev = $(curl -q https://api.github.com/repos/${owner}/${repo}/releases/latest | \
+  jq -r '.tag_name')
+var latest_version = $(echo $latest_rev | sd 'v' '')
+var current_version = $(nix-instantiate -A elixir_ls.version --eval --json | jq -r)
+if ("$latest_version" == "$current_version") {
+  echo "elixir-ls is already up-to-date"
+  return 0
+} else {
+  var tarball_meta = $(nix-prefetch-github $owner $repo --rev "$latest_rev")
+  var tarball_hash = "sha256-$(echo $tarball_meta | jq -r '.sha256')"
+  var sha256s = $(rg '"sha256-.+"' $directory/default.nix | sd '.+"(.+)";' '$1' )
+  echo $sha256s | read --line :github_sha256
+  echo $sha256s | tail -n 1 | read --line :old_mix_sha256
+  sd 'version = ".+"' "version = \"$latest_version\"" "$directory/default.nix"
+  sd "sha256 = \"$github_sha256\"" "sha256 = \"$tarball_hash\"" "$directory/default.nix"
+  sd "sha256 = \"$old_mix_sha256\"" "sha256 = \"\"" "$directory/default.nix"
+
+  var new_mix_hash = $(nix-build -A elixir_ls.mixFodDeps 2>&1 | \
+    tail -n 1 | \
+    sd '\s+got:\s+' '')
+
+  sd "sha256 = \"\"" "sha256 = \"$new_mix_hash\"" "$directory/default.nix"
+}

pkgs/development/libraries/qgnomeplatform/default.nix

@@ -2,12 +2,12 @@
 , lib
 , fetchFromGitHub
 , nix-update-script
+, cmake
 , pkg-config
-, gtk3
+, adwaita-qt
 , glib
+, gtk3
 , qtbase
-, qmake
-, qtx11extras
 , pantheon
 , substituteAll
 , gsettings-desktop-schemas
@@ -15,13 +15,13 @@
 
 mkDerivation rec {
   pname = "qgnomeplatform";
-  version = "0.6.1";
+  version = "0.8.0";
 
   src = fetchFromGitHub {
     owner = "FedoraQt";
     repo = "QGnomePlatform";
     rev = version;
-    sha256 = "1mwqg2zk0sfjq54vz2jjahbgi5sxw8rb71h6mgg459wp99mhlqi0";
+    sha256 = "C/n8i5j0UWfxhP10c4j89U+LrpPozXnam4fIPYMXZAA=";
   };
 
   patches = [
@@ -33,24 +33,21 @@ mkDerivation rec {
   ];
 
   nativeBuildInputs = [
+    cmake
     pkg-config
-    qmake
   ];
 
   buildInputs = [
+    adwaita-qt
     glib
     gtk3
     qtbase
-    qtx11extras
   ];
 
-  postPatch = ''
-    # Fix plugin dir
-    substituteInPlace decoration/decoration.pro \
-      --replace "\$\$[QT_INSTALL_PLUGINS]" "$out/$qtPluginPrefix"
-    substituteInPlace theme/theme.pro \
-      --replace "\$\$[QT_INSTALL_PLUGINS]" "$out/$qtPluginPrefix"
-  '';
+  cmakeFlags = [
+    "-DGLIB_SCHEMAS_DIR=${glib.getSchemaPath gsettings-desktop-schemas}"
+    "-DQT_PLUGINS_DIR=${placeholder "out"}/${qtbase.qtPluginPrefix}"
+  ];
 
   passthru = {
     updateScript = nix-update-script {

pkgs/development/libraries/qgnomeplatform/hardcode-gsettings.patch

@@ -1,13 +1,14 @@
-diff --git a/common/gnomehintssettings.cpp b/common/gnomehintssettings.cpp
-index 9860e57..40fa6ec 100644
---- a/common/gnomehintssettings.cpp
-+++ b/common/gnomehintssettings.cpp
-@@ -80,9 +80,17 @@ void gtkMessageHandler(const gchar *log_domain,
- GnomeHintsSettings::GnomeHintsSettings()
-     : QObject(0)
+diff --git a/src/common/gnomesettings.cpp b/src/common/gnomesettings.cpp
+index 717cc9b..ee255ea 100644
+--- a/src/common/gnomesettings.cpp
++++ b/src/common/gnomesettings.cpp
+@@ -150,10 +150,18 @@ GnomeSettingsPrivate::GnomeSettingsPrivate(QObject *parent)
+     : GnomeSettings(parent)
      , m_usePortal(checkUsePortalSupport())
+     , m_canUseFileChooserPortal(!m_usePortal)
 -    , m_gnomeDesktopSettings(g_settings_new("org.gnome.desktop.wm.preferences"))
 -    , m_settings(g_settings_new("org.gnome.desktop.interface"))
+     , m_fallbackFont(new QFont(QLatin1String("Sans"), 10))
  {
 +    g_autoptr(GSettingsSchemaSource) schemaSource = nullptr;
 +    g_autoptr(GSettingsSchema) gnomeDesktopSchema = nullptr;

pkgs/development/python-modules/pex/default.nix

@@ -6,11 +6,11 @@
 
 buildPythonPackage rec {
   pname = "pex";
-  version = "2.1.46";
+  version = "2.1.47";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "28958292ab6a149ef7dd7998939a6e899b2f1ba811407ea1edac9d2d84417dfd";
+    sha256 = "0928d0316caac840db528030fc741930e8be22a3fa6a8635308fb8443a0a0c6a";
   };
 
   nativeBuildInputs = [ setuptools ];

pkgs/development/web/nodejs/v12.nix

@@ -8,7 +8,7 @@ let
 in
   buildNodejs {
     inherit enableNpm;
-    version = "12.22.5";
-    sha256 = "057xhxk440pxlgqpblsh4vfwmfzy0fx1h6q3jr2j79y559ngy9zr";
+    version = "12.22.6";
+    sha256 = "0yhgkcp7lx5nglxsrybbjymx1fys3wkbbhkj6h6652gnp0b2y0n2";
     patches = lib.optional stdenv.isDarwin ./bypass-xcodebuild.diff;
   }

pkgs/development/web/nodejs/v14.nix

@@ -7,7 +7,7 @@ let
 in
   buildNodejs {
     inherit enableNpm;
-    version = "14.17.5";
-    sha256 = "1a0zj505nhpfcj19qvjy2hvc5a7gadykv51y0rc6032qhzzsgca2";
+    version = "14.17.6";
+    sha256 = "0pmd0haav2ychhcsw44klx6wfn8c7j1rsw08rc8hcm5i3h5wsn7l";
     patches = lib.optional stdenv.isDarwin ./bypass-xcodebuild.diff;
   }

pkgs/games/wesnoth/default.nix

@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "wesnoth";
-  version = "1.14.16";
+  version = "1.14.17";
 
   src = fetchFromGitHub {
     rev = version;
     owner = "wesnoth";
     repo = "wesnoth";
-    sha256 = "sha256-QMz7atxol18r//UNb6+H6xAAEQdR4hAN8UW0KeGSH1g=";
+    sha256 = "RZ38MbUaUjfajo9wXSfDt8NHBySC+ODlgZAPf2NPblc=";
   };
 
   nativeBuildInputs = [ cmake pkg-config ];
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
     '';
 
     homepage = "https://www.wesnoth.org/";
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     maintainers = with maintainers; [ abbradar ];
     platforms = platforms.unix;
   };

pkgs/servers/search/elasticsearch/7.x.nix

@@ -59,6 +59,9 @@ stdenv.mkDerivation (rec {
 
     chmod +x $out/bin/*
 
+    substituteInPlace $out/bin/elasticsearch \
+      --replace 'bin/elasticsearch-keystore' "$out/bin/elasticsearch-keystore"
+
     wrapProgram $out/bin/elasticsearch \
       --prefix PATH : "${makeBinPath [ util-linux coreutils gnugrep ]}" \
       --set JAVA_HOME "${jre_headless}"

pkgs/tools/system/monit/default.nix

@@ -1,17 +1,22 @@
-{ lib, stdenv
-, fetchurl, bison, flex
+{ lib
+, stdenv
+, fetchurl
+, bison
+, flex
 , zlib
-, usePAM ? stdenv.hostPlatform.isLinux, pam
-, useSSL ? true, openssl
+, usePAM ? stdenv.hostPlatform.isLinux
+, pam
+, useSSL ? true
+, openssl
 }:
 
 stdenv.mkDerivation rec {
   pname = "monit";
-  version = "5.27.2";
+  version = "5.29.0";
 
   src = fetchurl {
     url = "${meta.homepage}dist/monit-${version}.tar.gz";
-    sha256 = "sha256-2ICceNXcHtenujKlpVxRFIVRMsxNpIBfjTqvjPRuqkw=";
+    sha256 = "sha256-9mXm3R8mp0tWgomah3k0Fn3islguBIZS7PA2MYR3iF8=";
   };
 
   nativeBuildInputs = [ bison flex ];
@@ -22,10 +27,10 @@ stdenv.mkDerivation rec {
   configureFlags = [
     (lib.withFeature usePAM "pam")
   ] ++ (if useSSL then [
-      "--with-ssl-incl-dir=${openssl.dev}/include"
-      "--with-ssl-lib-dir=${openssl.out}/lib"
-    ] else [
-      "--without-ssl"
+    "--with-ssl-incl-dir=${openssl.dev}/include"
+    "--with-ssl-lib-dir=${openssl.out}/lib"
+  ] else [
+    "--without-ssl"
   ]) ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
     # will need to check both these are true for musl
     "libmonit_cv_setjmp_available=yes"
@@ -33,7 +38,7 @@ stdenv.mkDerivation rec {
   ];
 
   meta = {
-    homepage = "http://mmonit.com/monit/";
+    homepage = "https://mmonit.com/monit/";
     description = "Monitoring system";
     license = lib.licenses.agpl3;
     maintainers = with lib.maintainers; [ raskin wmertens ryantm ];

pkgs/top-level/all-packages.nix

@@ -18518,7 +18518,7 @@ with pkgs;
 
   qrupdate = callPackage ../development/libraries/qrupdate { };
 
-  qgnomeplatform =  libsForQt514.callPackage ../development/libraries/qgnomeplatform { };
+  qgnomeplatform = libsForQt5.callPackage ../development/libraries/qgnomeplatform { };
 
   randomx = callPackage ../development/libraries/randomx { };